0 Votes
ojooo-4351 asked DSPatrick answered

Windows Server 2019 unable to authenticate to secondary domain controller using Cisco ASA firewall

First of all, is it possible, on a domain with two domain controllers running Windows Server 2019, to authenticate to both the primary and the secondary domain controller while both domain controllers are up and functional?

No errors have been found when running dcdiag on both domain controllers.

When authenticating from a Cisco ASA firewall, the authentication and authorisation to the primary domain controller is successful, but when authenticating or authorizing to the second domain controller it fails with an unknown error.

The configuration for both DCs is the same on the ASA, except for the IP address.

So what could be the problem?

windows-server

0 Votes
DSPatrick answered

What happens when you try? Please run:

Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log
repadmin /showrepl >C:\repl.txt
ipconfig /all > C:\dc1.txt
ipconfig /all > C:\dc2.txt
ipconfig /all > C:\problemworkstation.txt

then put unzipped text files up on OneDrive and share a link.

0 Votes
ojooo-4351 answered

Hi, sorry for the late response, here you can find the log files as requested.
The only thing missing is the "problemworkstation", because there isn't any; the problem is in the Cisco ASA.

https://1drv.ms/u/s!AiJnqSX-_IInoHTypnY7gNkiEx-M?e=Sdud76

0 Votes
DSPatrick answered

A couple of issues that may or may not be related.

User credentials does not have permission to perform this operation. The account used for this test must have network logon privileges.


https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/replication-error-8453
https://support.microsoft.com/en-us/topic/3489ffaf-0f43-2a29-0ee6-531524179491

--please don't forget to upvote and Accept as answer if the reply is helpful--

0 Votes
DSPatrick answered

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--